chrome-auth-recorder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accesses authenticated browser tabs and ingests third-party page content (tabs_context_mcp + computer(screenshot)) and programmatically reads console messages and network requests (read_console_messages, read_network_requests) from domains like github.com, notion.so, slack.com, etc., and uses those results to decide whether to continue, pause, report errors, or take automated actions — creating a clear path for untrusted, user-generated content to influence agent behavior.